Format: 1.8 Date: Fri, 08 Apr 2022 07:04:04 -0400 Source: gzip Binary: gzip Built-For-Profiles: noudeb Architecture: arm64 Version: 1.10-4ubuntu1.1 Distribution: impish Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gzip - GNU compression utilities Changes: gzip (1.10-4ubuntu1.1) impish-security; urgency=medium . * SECURITY UPDATE: arbitrary file override with crafted file names - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in. - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse. - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in. - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. - debian/rules: fix permissions on new test scripts. - CVE-2022-1271 Checksums-Sha1: 6f56fb35159b5562623c321825d9dd8bb2993cb0 105202 gzip-dbgsym_1.10-4ubuntu1.1_arm64.ddeb 1aba1c0939ce5b16118af7d955d954a8521a2d89 6175 gzip_1.10-4ubuntu1.1_arm64.buildinfo ed4f3c7087bb627636c4c64e2bd0a7f39c4dded0 94778 gzip_1.10-4ubuntu1.1_arm64.deb Checksums-Sha256: 5154943a3f17208f122624b4dfbbfbd571190ee59dfc2dbf9efb445e654d53bf 105202 gzip-dbgsym_1.10-4ubuntu1.1_arm64.ddeb dd6e40398977b2d21b1811f26e9dda49eb798e08585fb262668bcab54cacbc56 6175 gzip_1.10-4ubuntu1.1_arm64.buildinfo fe01fafb3fa162a6435e94ba80350f735e46e4bd1fcad8634837dc9dad2275f7 94778 gzip_1.10-4ubuntu1.1_arm64.deb Files: eb514e6ab61035fc8f5fd1e991cab249 105202 debug optional gzip-dbgsym_1.10-4ubuntu1.1_arm64.ddeb 6e8f5f3ba135acdb4b3db37bd6248064 6175 utils required gzip_1.10-4ubuntu1.1_arm64.buildinfo 062eb30d15262bd739df54d16c6b1c73 94778 utils required gzip_1.10-4ubuntu1.1_arm64.deb Original-Maintainer: Milan Kupcevic